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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claim 1-10 are rejected under 35 U.S.C. 102 (b) as being anticipated by Baker et al 
hereinafter Baker (U.S. 5,793,954). 

Referring to claim 1 Baker discloses a method for triggering by means of a digital 
processing device (1,2) , at least one action on digital communication data when they 
belong to one and the same semantic flow for which said action is designed, comprises: 
feeding the device with at least one filter having three possible states which result from 
one or more conditions on one or more protocol attributes specified for said semantic 
flow, a valid state corresponding to protocol attribute values which confirm that said 
condition or conditions are satisfied (Col. 1 lines 20-25 Conventional network protocol 
analyzers provide, for a predefined set of network frame structures or protocols, a system for 
monitoring the activity of a network and the stations on it by allowing network traffic to be 
captured and stored for later analysis. Common capture and analysis capabilities include the 
gathering of statistics, subsequent report generation, the ability to filter frames based on specific 
criteria, and the ability to generate network traffic), an invalid state corresponding to protocol 
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attribute values which confirm that said condition or conditions are not satisfied, an uncertain 
state corresponding are or are not satisfied, each protocol attribute being specified by an ordered 
sequence of protocol names used in the semantic flow and by a parameter name conveyed by a 
protocol whose name is indicated in said ordered sequence of protocol names (Col. 16 lines If a 
lookup structure exists for a particular field but the extracted value is not found therein (at 3 14 
and 316), parsing still continues with the next defined field of the current protocol. However, the 
value is considered invalid. Values or ranges of values found in configured lookup structures are 
considered to be valid. The Prot and Nextlndex values associated with a value or range found are 
used to specify NextProtocol, the protocol description (at 308) to be used after current protocol 
header parsing is completed, and the index of the next field (at 3 10) is used to determine where 
parsing of the current protocol will continue after the current field. The first valid field parsed in 
a protocol that specifies the NextProtocol has precedence over all subsequent NextProtocol 
specifiers (at 306). The Validate Value control logic returns an updated CurField value (at 3 12 
and 316) together with a valid/invalid indication, and where indicated (at 308) may return an 
updated value for NextProtocol. Using value 0.times.8888 as an example, if the Validate Value 
control logic is applied to the Ethernet Type field and associated lookup structure shown in 
FIGS. 4a and 4d respectively, the lookup structure would be found (at 302), the value will be 
found in it (at 304), the associated Protocol field found with the range containing 0,times.8888 
value will be used to update the NextProtocol variable (at 308) if it is NULL (at 306), and the 
associated Next Index field will be used to update the CurField variable). ; applying the three- 
state filter to said communication data as long as these data have not afforded protocol 
attribute values other that those from which said uncertain state of the filter results; and 
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triggering said when said valid state of the filter results from protocol attribute values 
afforded by the communication data (Col 1. lines 45-65 A frame filter consists of one or more 
criteria which specify one or more valid values for a frame (or segments of a frame). Frame 
filtering criteria are typically implemented using an offset (from frame or protocol header start), 
a length in bits which defines a field, a value for comparison, and mask values for identifying 
relevant and irrelevant bits within the field. For multiple value filter criteria, the result from each 
filter value is logically OR'ed together to obtain an overall result. Therefore, each additional 
result adds to the processing required to filter a given field. For filtering on optional protocol 
fields that do not occur at the same relative offset in each protocol frame, this method is time- 
consuming. Thus, it would be desirable to perform filtering on both fixed and optional variable 
offset fields for any number of values or ranges of values without incurring any additional 
overhead). 

Referring to claim 2 Baker discloses all the limitations of claim 2 which is described 
above. Baker also discloses to apply the filter to said communication data, the method 
further comprises: dispatching one of said protocol attributes to a protocol interface 
allocated to the protocol indicated in the ordered sequence of protocol names, until the 
state of the filter is valid or invalid or until all the protocol attributes have been 
dispatched; searching through the communication data for value of the specified 
parameter and transmitting this value to the digital processing device if it finds the 
former; and evaluating the state of the filter which corresponds to the value or the 
absence of value transmitted by the protocol interface. ( Col. 16 lines 33-58 The 
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Validate Value control logic shown in FIG. 14 is performed on each extracted field value by the 
ParseFields control logic (at 214) shown in FIG. 13. Each field may have an associated lookup 
structure reference containing one or more values and/or ranges of values that have a particular 
meaning for that field. If no lookup structure is configured for a particular field, all values are 
deemed to be valid (at 3 1 8 and 312), which causes parsing to continue with the next sequentially 
defined field of the current protocol description. If a lookup structure exists for a particular field 
but the extracted value is not found therein (at 3 14 and 316), parsing still continues with the next 
defined field of the current protocol. However, the value is considered invalid. Values or ranges 
of values found in configured lookup structures are considered to be valid. The Prot and 
Nextlndex values associated with a value or range found are used to specify NextProtocol, the 
protocol description (at 308) to be used after current protocol header parsing is completed, and 
the index of the next field (at 3 10) is used to determine where parsing of the current protocol will 
continue after the current field. The first valid field parsed in a protocol that specifies the 
NextProtocol has precedence over all subsequent NextProtocol specifiers (at 306). The 
ValidateValue control logic returns an updated CurField value (at 3 12 and 316) together with a 
valid/invalid indication, and where indicated (at 308) may return an updated value for 
NextProtocol.) 

Referring to claim 3 Baker discloses all the limitations of claim 3 which is described 
above Baker also discloses wherein each filter for feeding said digital processing device 
is defined by a logical combination of rules in a first table [[(64]], each rule being defined 
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in a second table [[(65)]] by verification expression comprising at least one comparison 
operator, an argument of which is the protocol attribute. (Col. 17 lines 6-20 Referring back 
to the ParseFields control logic shown in FIG. 13, the ParseFields control logic parses the fields 
in each protocol header contained in a particular network frame by using field values obtained in 
accordance with information specified in associated protocol descriptions. The ParseFields 
control logic is applied for each protocol description required for a particular network frame. If 
the ParseFields control logic were applied to the exemplary frame, "Frame (1)," described above, 
the network interface system 10 of the present invention would apply the ParseFields control 
logic with the protocol descriptions for the Ethernet protocol shown in Table 12, the GP shown 
in Table 13, and an unspecified Data protocol description.) 

Referring to claim 4 Baker discloses all the limitations of claim 4 which is described 
above. Baker also discloses wherein to evaluate the state of the filter which 
corresponds to the value or to the absence of value transmitted by the protocol 
interface, the digital processing device evaluates the state of at least one rule in the 
logical combination as a function of the transmission of value and then the state given 
by the logical combination applied to the evaluated states of rules. (Col. 17 lines 63-67 - 
Col. 8 linesl-21) If Index is less than NextCriterialndex (at 402) it indicates that this filter criteria 
does not need to be evaluated. This may occur because a filter channel has been satisfied and 
NextCriterialndex has been set to TotalCriteria to disable further filter processing. If Index is 
greater than NextCriterialndex (at 404) this indicates that a filter criteria was skipped in the 
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evaluation of this filter channel which invalidates the filter result. In this case, further filter 
evaluation is disabled (at 414) by setting NextCriterialndex to TotalCriteria and ApplyFilter 
returns to the caller. If Index and NextCriterialndex are equal, the field value is found (at 406) in 
the associated lookup table, NextCriterialndex is updated with the associated Nextlndex value 
and if the associated return value status is PASS. sub.- FRAME, the System Filter Status is 
updated to PASS.sub.- FRAME. In this preferred embodiment, the range of possible values for a 
field must be fully covered. Similarly, in the preferred embodiment a frame will be completely 
parsed for statistics gathering. Criteria (0) cannot be used to determine a PASS/FILTER. sub. - 
FRAME result for the filter expression above because it must be logically AND'ed with criteria 
(1). This is illustrated in FIG. 10b, where every value results in no change to the status. The 
logical AND with criteria (1) is implemented using the Nextlndex value. If criteria (0) is FALSE 
then Nextlndex is 2 which causes criteria (1) to be skipped, otherwise Nextlndex is 1 .) 

Referring to claim 6 Baker discloses a computer system for triggering at least one action 
on digital communication data when they belong to one and the same semantic flow for 
which said action is designed, a digital processing device a filtering engine [[1]] and [[of]] 
an actions engine [[2]]; a database [[6]] for feeding the filtering engine [[1]] with at least 
one filter having three possible states which result from one or more conditions on one 
or more protocol attributes specified for said semantic flow [[,]]; [[-]] at least one data 
structure for cataloguing a valid state corresponding to protocol attribute values which 
confirm that said condition or conditions are satisfied(Col. 1 lines 20-25 Conventional 
network protocol analyzers provide, for a predefined set of network frame structures or 
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protocols, a system for monitoring the activity of a network and the stations on it by allowing 
network traffic to be captured and stored for later analysis. Common capture and analysis 
capabilities include the gathering of statistics, subsequent report generation, the ability to filter 
frames based on specific criteria, and the ability to generate network traffic.) , an invalid state 
corresponding to protocol attribute values which confirm that said condition or conditions are 
not satisfied, an uncertain state corresponding are or are not satisfied, each protocol attribute 
being specified by an ordered sequence of protocol names used in the semantic flow and by a 
parameter name conveyed by a protocol whose name is indicated in said ordered sequence of 
protocol names (Col. 16 lines If a lookup structure exists for a particular field but the extracted 
value is not found therein (at 3 14-and 316), parsing still continues with the next defined field of 
the current protocol . However, the value is considered invalid. Values or ranges of values found 
in configured lookup structures are considered to be valid. The Prot and Nextlndex values 
associated with a value or range found are used to specify NextProtocol, the protocol description 
(at 308) to be used after current protocol header parsing is completed, and the index of the next 
field (at 3 10) is used to determine where parsing of the current protocol will continue after the 
current field. The first valid field parsed in a protocol that specifies the NextProtocol has 
precedence over all subsequent NextProtocol specifiers (at 306). The Validate Value control 
logic returns an updated CurField value (at 312 and 316) together with a valid/invalid indication, 
and where indicated (at 308) may return an updated value for NextProtocol. Using value 
0.times.8888 as an example, if the Validate Value control logic is applied to the Ethernet Type 
field and associated lookup structure shown in FIGS. 4a and 4d respectively, the lookup structure 
would be found (at 302), the value will be found in it (at 304), the associated Protocol field found 
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with the range containing 0.times.8888 value will be used to update the NextProtocol variable (at 
308) if it is NULL (at 306), and the associated Next Index field will be used to update the 
CurField variable)., an invalid state corresponding to protocol attribute values which 
confirm that said condition or conditions are or not satisfied, each protocol attribute 
being specified by an ordered sequence of protocol names used in the semantic flow 
and by a parameter name conveyed by a protocol whose name is indicated in said 
ordered sequence of protocol names; [[-]] means [[100]] for receiving communication 
data as long as these data have not afforded any protocol attribute value other than 
those from which said uncertain state of the filter results; and [[-]] means of transmission 
[[117]] of communication data useable by the action engine [[2]] to trigger said action 
when said valid state is contained in the data structure [50 , 52,52] (Col. 17 lines 63-67 - 
Col. 8 linesl-21) If Index is less than NextCriterialndex (at 402) it indicates that this filter criteria 
does not need to be evaluated. This may occur because a filter channel has been satisfied and 
NextCriterialndex has been set to TotalCriteria to disable further filter processing. If Index is 
greater than NextCriterialndex (at 404) this indicates that a filter criteria was skipped in the 
evaluation of this filter channel which invalidates the filter result. In this case, further filter 
evaluation is disabled (at 414) by setting NextCriterialndex to TotalCriteria and ApplyFilter 
returns to the caller. If Index and NextCriterialndex are equal, the field value is found (at 406) in 
the associated lookup table, NextCriterialndex is updated with the associated Nextlndex value 
and if the associated return value status is PASS, sub.-- FRAME, the System Filter Status is 
updated to PASS. sub.- FRAME. In this preferred embodiment, the range of possible values for a 
field must be fully covered. Similarly, in the preferred embodiment a frame will be completely 
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parsed for statistics gathering. Criteria (0) cannot be used to determine a P ASS/FILTER. sub. — 
FRAME result for the filter expression above because it must be logically AND'ed with criteria 
(1). This is illustrated in FIG. 10b, where every value results in no change to the status. The 
logical AND with criteria (1) is implemented using the Nextlndex value. If criteria (0) is FALSE 
then Nextlndex is 2 which causes criteria (1) to be skipped, otherwise Nextlndex is 1 .) 

Referring to claim 7 Baker discloses all the limitations of claim 7 which is described 
above. Baker also discloses wherein the system comprises a protocol interface 
allocated to each useable protocol in the semantic flow, and configured to receive from 
the filtering engine [[1]], the protocol attributes defined for the protocol to which the 
protocol interface is allocated; [[-]] the protocol interface [(40,41,42,23)] being 
configured so as to search through the communication data for the value of the 
specified parameter and to transmit this value to the filtering engine [[(1 )]] being 
configured so as to evaluate the state of the filter which corresponds to the value or to 
the absence of value or the absence of value transmitted by the protocol interface. (Col. 
17 lines 63-67 -Col. 8 linesl-21) If Index is less than NextCriterialndex (at 402) it indicates that 
this filter criteria does not need to be evaluated. This may occur because a filter channel has been 
satisfied and NextCriterialndex has been set to TotalCriteria to disable further filter processing. 
If Index is greater than NextCriterialndex (at 404) this indicates that a filter criteria was skipped 
in the evaluation of this filter channel which invalidates the filter result. In this case, further filter 
evaluation is disabled (at 414) by setting NextCriterialndex to TotalCriteria and ApplyFilter 
returns to the caller. If Index and NextCriterialndex are equal, the field value is found (at 406) in 
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the associated lookup table, NextCriterialndex is updated with the associated Nextlndex value 
and if the associated return value status is PASS. sub.- FRAME, the System Filter Status is 
updated to PASS. sub.- FRAME. In this preferred embodiment, the range of possible values for a 
field must be fully covered. Similarly, in the preferred embodiment a frame will be completely 
parsed for statistics gathering. Criteria (0) cannot be used to determine a PASS/FILTER.sub.-- 
FRAME result for the filter expression above because it must be logically AND'ed with criteria 
(1). This is illustrated in FIG. 10b, where every value results in no change to the status. The 
logical AND with criteria (1) is implemented using the Nextlndex value. If criteria (0) is FALSE 
then Nextlndex is 2 which causes criteria (1) to be skipped, otherwise Nextlndex is 1 .) 

Referring to claim 8 Baker discloses all the limitations of claim 8 which is described 
above. Baker also discloses wherein the database [[(6)]] comprises a first table [[(64)]] 
which contains a logical combination of rules for each filter, and a second table [[(65)]] 
which contains for each rule, a verification expression comprising at least one 
comparison operator, an argument of which is the protocol attribute. (Col. 17 lines 6-20 
Referring back to the ParseFields control logic shown in FIG. 13, the ParseFields control logic 
parses the fields in each protocol header contained in a particular network frame by using field 
values obtained in accordance with information specified in associated protocol descriptions. The 
ParseFields control logic is applied for each protocol description required for a particular 
network frame. If the ParseFields control logic were applied to the exemplary frame, M Frame 
(1)," described above, the network interface system 10 of the present invention would apply the 
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ParseFields control logic with the protocol descriptions for the Ethernet protocol shown in Table 
12, the GP shown in Table 13, and an unspecified Data protocol description.) 

Referring to claim 9 Baker discloses all the limitations of claim 9 which is described 
above. Baker also wherein to evaluate the state of the filter which corresponds to the 
value or to the absence of value transmitted by the protocol interface, the digital 
processing device is devised so as to evaluate the state of at least one rule on the 
logical combination as a function of the transmission of value and then the state given 
by the logical combination applied to the evaluated states of rules. (Col. 17 lines 63-67 - 
Col.8 linesl-21) If Index is less than NextCriterialndex (at 402) it indicates that this filter criteria 
does not need to be evaluated. This may occur because a filter channel has been satisfied and 
NextCriterialndex has been set to TotalCriteria to disable further filter processing. If Index is 
greater than NextCriterialndex (at 404) this indicates that a filter criteria was skipped in the 
evaluation of this filter channel which invalidates the filter result. In this case, further filter 
evaluation is disabled (at 414) by setting NextCriterialndex to TotalCriteria and ApplyFilter 
returns to the caller. If Index and NextCriterialndex are equal, the field value is found (at 406) in 
the associated lookup table, NextCriterialndex is updated with the associated Nextlndex value 
and if the associated return value status is PASS , sub.-- FRAME, the System Filter Status is 
updated to PASS. sub.-- FRAME. In this preferred embodiment, the range of possible values for a 
field must be fully covered. Similarly, in the preferred embodiment a frame will be completely 
parsed for statistics gathering. Criteria (0) cannot be used to determine a PASS/FILTER. sub.~ 
FRAME result for the filter expression above because it must be logically AND'ed with criteria 
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(1). This is illustrated in FIG. 10b, where every value results in no change to the status. The 
logical AND with criteria (1) is implemented using the Nextlndex value. If criteria (0) is FALSE 
then Nextlndex is 2 which causes criteria (1) to be skipped, otherwise Nextlndex is 1 .) 

Referring to claim 10 Baker discloses all the limitations of claim 10 which is described 
above. Baker also discloses wherein the database [[(6)]] comprises at least a third table 
containing several names of actions each designed for a different semantic flow with 
which a specific filter is associated. (Col. 2 lines 21-29 Finally, as networks become larger and 
more complex, the maintenance of a comprehensive statistics database by each network device 
becomes more important. Because these statistics databases typically are not utilized by a 
maintaining device, but instead are collected by a network management device, the collection 
process may affect performance adversely without any corresponding benefit to the collecting 
device.) (Col, 17 lines 63-67 -Col. 8 linesl-21) If Index is less than NextCriterialndex (at 402) it 
indicates that this filter criteria does not need to be evaluated. This may occur because a filter 
channel has been satisfied and NextCriterialndex has been set to TotalCriteria to disable further 
filter processing. If Index is greater than NextCriterialndex (at 404) this indicates that a filter 
criteria was skipped in the evaluation of this filter channel which invalidates the filter result. In 
this case, further filter evaluation is disabled (at 414) by setting NextCriterialndex to 
TotalCriteria and ApplyFilter returns to the caller. If Index and NextCriterialndex are equal, the 
field value is found (at 406) in the associated lookup table, NextCriterialndex is updated with the 
associated Nextlndex value and if the associated return value status is PASS, sub.- FRAME, the 
System Filter Status is updated to PASS. sub.- FRAME. In this preferred embodiment, the range 



Application/Control Number: 1 0/535,380 Page 1 4 

Art Unit: 2154 

of possible values for a field must be fully covered. Similarly, in the preferred embodiment a 
frame will be completely parsed for statistics gathering. Criteria (0) cannot be used to determine 
a PASS/FILTER. sub - FRAME result for the filter expression above because it must be 
logically AND'ed with criteria (1). This is illustrated in FIG. 10b, where every value results in no 
change to the status. The logical AND with criteria (1) is implemented using the Nextlndex 
value. If criteria (0) is FALSE then Nextlndex is 2 which causes criteria (1) to be skipped, 
otherwise Nextlndex is 1 .) 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art' are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claim 5 rejected under 35 U.S.C. 103(a) as being unpatentable over Baker (U.S. 
5,793,954) in view of Kloth ( WO 01/22686 A1). 

Referring to claim 5 Baker discloses all the limitations of claim 5 which is described 
above. Baker did not discloses wherein the method further comprises a step [[103]] in 
which the digital communication data are scanned so as to detect any change of value 
of a protocol attribute so as to make it possible to evaluate a change of state of the filter 
which corresponds to the change of value. The general concept of wherein the method 
further comprises a step [[103]] in which the digital communication data are scanned so 
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as to detect any change of value of a protocol attribute so as to make it possible to 
evaluate a change of state of the filter which corresponds to the change of value is well 
known in the art as taught by Kloth. Kloth discloses wherein the method further 
comprises a step [[103]] in which the digital communication data are scanned so as to 
detect any change of value of a protocol attribute so as to make it possible to evaluate a 
change of state of the filter which corresponds to the change of value. (Pg. 6 lines 10-30 
A set &rules are used to define a pattern (or set of patterns) to be analyzed (or compared/ 
attached) in the incoming BP data flow. The rules can be edited or developed via an appropriate 
graphical interface. The rules can be applied on-the-fly (e.g. real-time or online, etc.) via a just- 
in-time (JIT) compiler, or the like. The rules might also be imposed at runtime without the use 
ofa JIT compiler. The pattern can be located anywhere within the IP flow, e.g. IP packet headers 
or packet data. Upon detection of a certain pattern, actions can be performed upon the DP flow 
and/or individual IP packets. Such actions can include routing decisions, wherein the packet is 
mapped to a certain routing capability. Such traffic policing capabilities can include Unspecified 
Bit Rate (UBR), Variable Bit Rate (VBR), Constant Bit Rate (CBR) or their equivalents. The 
packet can also be buffered for sending later, and/or for evening out traffic loads between various 
points (or nodes) in a network. In yet another aspect, the routing assignments are mapped onto 
existing Quality of Service (QoS) and/or Class of Service (COS) capabilities. In still another 
aspect, the data flow is altered or modified as a result of a detected pattern, which is a function of 
an associated rule. The detected pattern can be altered or modified. Alternatively, the [P packet 
itself can be altered or modified. This would include changing (or exchanging) destination 
addresses, or the like, for data packets. In still another aspect, the data flow (or packets) might be 
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dropped intermittently, or discarded altogether, as a result of a detected data pattern. For 
instance, all data packets associated with a certain virus pattern might be dropped or discarded). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify Baker to include wherein the method further comprises a step [[103]] in which 
the digital communication data are scanned so as to detect any change of value of a 
protocol attribute so as to make it possible to evaluate a change of state of the filter 
which corresponds to the change of value in order to provide a router -based switching 
system that is processor -based and provides a fully flexible state machine for routing 
data packets. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ashley d. Turner whose telephone number is 571-270- 
1603. The examiner can normally be reached on Monday thru Friday 7:30a.m. - 
5:00p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nathan Flynn can be reached at 571-272-1915. The fax phone number for 
the organization where this application or proceeding is assigned is 571-270-2603. 
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